A vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.
Under certain conditions, this issue may allow an HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page.
More details: CVE-2025-49826
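A detection sketch for the condition described above, added here as an example and not taken from the advisory or from Next.js: it scans access-log lines for page paths that answer GET with a 204 served from cache to several distinct clients. The log layout, the cache-status field, the sample lines and the names `parseLine` and `findPoisonedPages` are assumptions constructed for illustration.

```javascript
// Added example. Log layout is an assumption (constructed for illustration):
// "<ISO time> <client> <method> <path> <status> <cache status>"
const SAMPLE_LOG = `
2025-07-01T10:00:01Z 198.51.100.7 GET /pricing 200 HIT
2025-07-01T10:00:05Z 198.51.100.9 GET /about 204 MISS
2025-07-01T10:00:06Z 203.0.113.4 GET /about?ref=mail 204 HIT
2025-07-01T10:00:09Z 203.0.113.8 GET /about 204 HIT
2025-07-01T10:00:12Z 192.0.2.15 OPTIONS /api/items 204 MISS
2025-07-01T10:00:15Z 192.0.2.15 DELETE /api/items/3 204 MISS
2025-07-01T10:00:20Z 192.0.2.33 GET /docs 204 MISS
not a log line
`;

function parseLine(line) {
  const m = /^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})\s+(\S+)$/.exec(line.trim());
  if (!m) return null; // skip malformed lines instead of throwing
  const [, time, client, method, rawPath, status, cache] = m;
  // Group by path, ignoring the query string, so one page is reported once.
  return { time, client, method, path: rawPath.split("?")[0],
           status: Number(status), cache: cache.toUpperCase() };
}

function findPoisonedPages(logText, { minClients = 2 } = {}) {
  const byPath = new Map();
  for (const line of logText.split("\n")) {
    const e = parseLine(line);
    if (!e) continue;
    // 204 is routine for OPTIONS/DELETE; a page GET answered 204 from cache is not.
    if (e.method !== "GET" || e.status !== 204 || e.cache !== "HIT") continue;
    const s = byPath.get(e.path) ||
      { path: e.path, hits: 0, clients: new Set(), firstSeen: e.time };
    s.hits += 1;
    s.clients.add(e.client);
    if (e.time < s.firstSeen) s.firstSeen = e.time; // ISO-8601 UTC sorts as text
    byPath.set(e.path, s);
  }
  return [...byPath.values()]
    .filter((s) => s.clients.size >= minClients) // several users affected
    .map((s) => ({ path: s.path, hits: s.hits,
                   clients: s.clients.size, firstSeen: s.firstSeen }))
    .sort((a, b) => b.hits - a.hits);
}

console.log(findPoisonedPages(SAMPLE_LOG));
```

A flagged path is a reason to check the deployed Next.js version against the affected range, 15.0.4 through 15.1.8.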
{ "github_reviewed": true, "github_reviewed_at": "2025-07-03T21:14:48Z", "nvd_published_at": "2025-07-03T21:15:27Z", "cwe_ids": [ "CWE-444" ], "severity": "HIGH" }